Solved

Http connector Exact online

  • 19 November 2021
  • 32 replies
  • 1048 views

Userlevel 3
Badge +11

I’ve maganged to setup the connection to the Exact Online API from postman.

Now I try to setup the connection from the SF but we running into an invalid_request error as a result.

I’ve used the same input variables and keys, so at the moment I’ve not a clue why this result is happening:

 

 

 

 

 

 

Has anybody in the community succesfully connected to the Exact Online API.

 

icon

Best answer by Dick van den Brink 19 January 2022, 14:20

View original

32 replies

Userlevel 4
Badge +2

A new blog post is just released, maybe it provides some helpful extra information.

It is good to hear that everything is already working for you!

Regards,

Dick

Userlevel 3
Badge +11

Dick, It’s all working at the moment. I store the expiration datetime and when expired I do a refresh token call. That works fine. That’s only one extra step in all my process flows. And indeed somehow my process flow variable was set to 250 characters and the token is 700 so that’s fixed as well.

When it all works, it’s very simple, but to find out how how to get all the headers, tokens, json, input and output parameters in the right place in the right format is quite a challenge. 

I’m now setting up step by step all the endpoints. Accounts, BankAccounts, SalesEntries etc.

Userlevel 4
Badge +2

Exact Online can also return JSON from a GET request, with the right header as documented here.

https://support.exactonline.com/community/s/knowledge-base#All-All-DNO-Simulation-header-types

 

For the current issue, you said you could get the new codes and that after that it didn't work correctly anymore, specifically the access_token. Is the datatype for the access token long enough? (also in the process procedures?).

Also note, Exact Online doesn't allow refreshing the access token before 9 minutes and 30 seconds are passed, according to their documentation. So always calling the OAuth Refresh Token Connector might not work.

I am also working on a small guide, to make it more clear how to use the OAuth connectors, but it might take a while for me to finish.
 

 

Userlevel 3
Badge +11

For exact: With a post you send JSON

With a get an XML is returned.

Userlevel 3
Badge +11

Hi Dick, this is what I have in my headers.. 

[{"Key":"Authorization","Value":"Bearer {access_token}"}]

 

In the content_type: application/xml

In the content the variable where the reponse it stored

In the HTTP method; GET

And in the URL the: endpoint address


 

 

Userlevel 4
Badge +2

I noticed the tokens Exact Online returns wont be valid in jwt.io, so that part of my reply can be ignored.

How do you use the access_token in the HTTP Connector?
I could get it to work by setting the HTTP method to GET and adding the following headers:

[ { "Key": "Accept", "Value": "application/json" }, { "Key": "Authorization", "Value": "Bearer {var_access_token}" } ]

I have a variable in my process flow called “var_access_token”.

Userlevel 4
Badge +2

Hi Edwin,

Can you check the access token from Postman and the one you got back from the OAuth Refresh Connector with this website?
https://jwt.io/

I am curious if both are valid (and if there are differences). Of course the client_id and the expire time are different but the rest should be mostly the same.

Userlevel 3
Badge +11

Next step…. I found out that the refresh code may expire. If expired I can retrieve a new set without logging in again. I have this working via the TW application. I can retrieve the codes but the odd thing at this moment is that I can run the process flow to retrieve a new set of codes and I can store them into 2 system parameters in the TW application. So the refresh token is working. When I try to reach the end point I’m getting the autorization error.  I ran it as well in postman with the code I got via the TW process flow and also there I’m running into an authorization error. Digging a bit further I saw a. message about base64 coding. So what I did, is rerun the refresh request from postman. Paste the access code into the application and then run the application. And then it works. I’m also able to retrieve data from the answer en putting it into a database field. So When running the refresh process flow via the TW application returns a valid refresh code but an unvalid access code. This clarifies the question that I saw it working once…. 

So apparently something is wrong with the access code coming back. Or I don’t know how to handle it, that is more likely the issue…

 

 

Userlevel 3
Badge +11

Hi, I managed to get the refresh token work in the SF on the final installation. It retrieves a new set of an access token and a refresh token and I can store them in the system parameters table of the end application. 
I’m however still struggling with the connection the endpoint. I managed to get it work once and I could see the content of the XML. 
I’m now trying in a test situation to process the result, but now I run in authentication issues all the time. 

This is the result of the header coming back.

 

  Http response headers [{"Key":"Pragma","Value":"no-cache"},{"Key":"Reason","Value":"AuthenticationRequired: Authentication required"},{"Key":"DataServiceVersion","Value":"1.0;"},{"Key":"Content-Length","Value":"0"},{"Key":"Cache-Control","Value":"no-cache, no-store"},{"Key":"Content-Type","Value":"application/xml"},{"Key":"Expires","Value":"-1"},{"Key":"WWW-Authenticate","Value":"Bearer error=\"invalid_token\",error_description=\"Signed%20data%20extraction%20has%20failed\",Bearer"},{"Key":"X-Xss-Protection","Value":"1; mode=block"},{"Key":"X-Content-Type-Options","Value":"nosniff"},{"Key":"Referrer-Policy","Value":"strict-origin-when-cross-origin"},{"Key":"Date","Value":"Thu, 06 Jan 2022 20:40:38 GMT"},{"Key":"Connection","Value":"keep-alive"},{"Key":"Set-Cookie","Value":"ASP.NET_SessionId=asl12hqvem1f4n0xiecl20fp; SameSite=lax; path=/; secure; HttpOnly; SameSite=Lax,ExactOnlineClient=8WlJeRDs+ihV05VbfnwR1pnRYiiX2Fkxv5PuMVVqkGJ3FIPpePoDNlRq/WwrYo+aALJJERKBv3cCrWhzuJSbp0LyqLFAq9PTmGaVaiunUFeFQAgkr2A3fkrHjZxHrxOAeCsLZq8UZFqEI2QXoNyA+iNoPbld47gaPTdh3L3/vNw=; SameSite=lax; expires=Mon, 31-Dec-2198 23:00:00 GMT; path=/; secure; HttpOnly"},{"Key":"Strict-Transport-Security","Value":"max-age=31536000 ; includeSubDomains ; preload"}]

 

The refresh token key is only valid for 10 minutes (600sec) that makes live not easier.
I’m setting a timer on my watch all the time to run the refresh token process flow. The good news is that this works.
The access code is stored in de database,

But when I run the endpoint process flow I’m now always getting the authentication error.

See below the result.. As said I managed only ONCE to get a value in the leverancier_data variable


I also do not have a solution yet to get the first authentication code.
I do this still with postman. I put a hyperlink in a browser, then Exact asks me to login with the username password and the authenticator number (Google authenticator) Then you get a browser link back with a first access_code. But in this one I manually have to replace the %21 for a !. With that code I’m getting the first set of access_token/refresh token. 

I really don’t know how to set this up with the exact login process?
 


 

 

Userlevel 3
Badge +11

Vincent, thanks for the answer. I will upgrade the windows GUI.

Most important is that I managed to get it work at the end of the day. I still think it was a firewall issue. 
On the test-installation it worked because the Indicium was reachable from the internet.
On the installation where it doesn’t work the Indidicum was not reachable from the internet. So I think I can send out the request, but the answer is not accepted because of a firewall issue.
On my test installation I was able to run the refresh token request as well a request to an endpoint. 
So when the Indicium on the final installation is reachable from the Internet I will try again, but when it works on my test installation it should work as well on the final installation

Userlevel 6
Badge +4

Hello Edwin,

The -100 status code means that the process action is unsupported. The version of the Windows GUI that you’re using is too old, it does not support the OAuth process actions.

I hope this helps.

Userlevel 3
Badge +11

I did a setup in another installation where the indicium is ‘reachable’ from the internet there the refresh token action is working…..

Userlevel 3
Badge +11

Can it be a firewall issue?? Since I’m running it from the Windows GUI, there is no activity at all in Indicium. This IIS where the Indicium is running is not reachable from the Internet ‘yet’.

If I do a request, should this be visible im the Indicium logs? And maybe I can do a  request to the outside world, perhaps the answer is simply not coming back because of a firewall rule / connection?

Userlevel 3
Badge +11

Vincent, 

I changed the connector to the refresh connector. At least my Object Reference message is gone now.

Now I’m running into an -100 status_code which is as far as I can see not documented.
 

 

We’ve setup 2 applications in Exact online. 1 for postman and 1 for the TW application. In postman everything is working, and I’m now using the refresh token from postman in the SF. Of course I use the same client_id and the same secret_id as in postman. So all three parameters belong to the same connection. I think exact cannot ‘see’ where we’re calling from as long I don’t mix up the credentials.

What I’m doing now is:
1. An authorization request in postman. I’m doing that in a browser. Exact asks me to login including the two way authentication. Exact returns in the URL an in this URL is the Code for the first Code request
2. The next step is the first token request which I run in postman.
3. This step returns in json the acces token and the refresh token as below

{

"access_token": "gAAAAAmRzs…………..”,

"token_type": "bearer",

"expires_in": "600",

"refresh_token": "Y2MN!IAAAAL-IqLx………….."

}

So I use postman (till now) for the first refresh code. 

  1. With the refresh token I can request for a new access token and a new refresh token. And I can rerun this process whenever I want. I’ve no limitations in the 9:30 - 10:00 minutes like the docs of Exact mentions.
  2. With the access token I can do a request  to an endpoint and I’m getting a result - in postman.

I’ve setup step 4 (getting the refresh token) in the SF with the 0auth refresh token process flow action. In this action I use the exact online oauth server (with the corrected path as you said) and the only input is the refresh token.
I’ve copied the refresh token from postman in the process variable and I connect the process variable refresh-token to the input. 

But still the result = -100. There is no other message or stack trace. Also there is nothing in the debugger.

In the Indicium log of the SF (I run the application against the SF) there is also nothing.

There is one message returning every 15 minutes, but I think that has nothing to do with the process I’m trying to setup now
2021-11-25T14:45:00.0089779+01:00  [ERR] Process action 'http_connector' was not provided a (valid) value for its 'URL' parameter. (0680995c)

 

Userlevel 6
Badge +4

Hello Edwin,

I do recommend using the OAuth connectors over the HTTP connector. Note that the purpose of the OAuth login connector is to obtain your initial access_token and, more importantly, your refresh_token. Once you have these, you can use the OAuth refresh token connector to exchange the refresh_token for a new access_token.

A few side notes here regarding Exact Online:

  • Access tokens are only valid for 10 minutes. After an access token has expired, you must request a new one using your refresh token. Access tokens cannot be refreshed before they are 9 minutes and 30 seconds old.
  • Refresh tokens may only be used once. Upon using a refresh token to obtain a new access token, you will also receive a new refresh token.

OAuth login connector

I'm not sure if you even want to use the OAuth login connector or if you want to jump straight in to the OAuth refresh token connector, because you already seem to have a refresh token. However, if you need to use the OAuth login connector, you will need to fix a few things which I have outlined below.

  1. The authorization URL for Exact Online is https://start.exactonline.nl/api/oauth2/auth you are missing the last segment in your OAuth server configuration. Note Exact Online's documentation below. This should only be relevant for the OAuth Login Connector though.

 

  1. If you look at our documentation, you will see that the default redirect_uri for the OAuth Connector in the Windows GUI is http://localhost/oauth-callback. However, Exact Online only accepts HTTPS redirect URIs, as written in their documentation. Therefore it is necessary to overwrite the redirect URI to https://localhost/oauth-callback with the corresponding application setting in IAM. Again, this is only relevant for the OAuth Login Connector.

 

  1. Make sure that the redirect URI from step 2 is also registered in your App configuration at Exact Online. Exact Online will reject the request if you haven't done this. Again, this is only relevant for the OAuth Login Connector.

 

OAuth refresh token connector

Once you have your refresh token, you will want to use the OAuth refresh token connector whenever you need to obtain a fresh access token after it has expired. The OAuth refresh token connector simply has one input parameter, the refresh token. It will output a new access token and a new refresh token. Note that your old refresh token is now invalid, only the new refresh token will work.

Making API calls

Now that you have your access token and a way to continuously refresh it when necessary, you can make your API calls by using an HTTP connector. Our Authentication type input parameter is missing the value ‘Bearer’ which you will need to use for your API calls, but you can add Bearer authentication yourself by setting the following header:

[{"Key":"Authorization","Value":"Bearer {access_token}"}]

Note Exact Online's documentation on this as well:

Troubleshooting

With all this said, you might still get that error in the Windows GUI, if so, please expand the error so we can see what is going wrong.

I hope this helps.

Userlevel 3
Badge +11

Hi Erwin, thanks for all your support and tips  but I don’t think it’s an authentication problem and I’m really getting stuck whatever I try. (Sorry for the layout but this f… editor suddenly creates a table when I copy the result from the proces montior)

 

I tried 3 methods, see below in the bold indicated sections.

  1. Just the refresh token step via the http connector
  2. Just the endpoint step starting with a valid acces token I obtained from postman. Hope this is not the problem)
  3. The oauth proces action. This one fails directly in an application error message

So I’m totally getting stuck at this moment, really well knowing that all this API stuff is pretty new for me.

 

I’m getting a result from exact online, but the result is “invalid request”. If there is something with the authorization Exact will give back another message. I’m pretty sure I’m almost there, but I am not able to see what the SF creates as the final call. I can edit the connector params and I can test it. I can see the result in the proces flow monitor but I cannot see what the SF is finally sending to exact. 

----------------------------- Refresh token via http connector failes in invalid request

When I try the refresh token via the http connector I’m getting back an header with this info: 

headers

[{"Key":"Content-Length","Value":"27"},{"Key":"Cache-Control","Value":"no-cache,no-store"},{"Key":"Content-Type","Value":"application/json"},{"Key":"Expires","Value":"-1"},{"Key":"Pragma","Value":"no-cache"},{"Key":"Referrer-Policy","Value":"strict-origin-when-cross-origin"},{"Key":"X-Content-Type-Options","Value":"nosniff"},{"Key":"X-Xss-Protection","Value":"1; mode=block"},{"Key":"Date","Value":"Tue, 23 Nov 2021 10:28:19 GMT"},{"Key":"Connection","Value":"close"},{"Key":"Set-Cookie","Value":"ExactOnlineClient=SB0Q8zFGGDK7ZWzICaPXt7XxiiRFGATAnZ1rZSQSjWEBmQTOiV0wPjHvp/WwU/6po8wy3y3w68xb09aHX3GnPOXQegom1fOso2L8nbALt6mxqP13wP8pXanYW4zTVqmKcHZwdg9gRM8dIiYjozg0GQSvyP7ChbMYEcV4BzrKgK0=; SameSite=lax; expires=Mon, 31-Dec-2198 23:00:00 GMT; path=/; secure; HttpOnly"},{"Key":"Strict-Transport-Security","Value":"max-age=31536000 ; includeSubDomains ; preload,max-age=31536000 ; includeSubDomains ; preload"}]

And in the result parameter: invalid request.

In de debug: The remote server returned an error: (400) Bad Request.  

So nothing about authorization or authentication. Exact is not able to understand the request we put.

----------------------------- Endpoint request fails in Unauthorized

When I try the endpoint to get the accounts at this moment I’m running into Unauthorized.

However I just retrieved a new access token via postman.
Question: Is it possible to retrieve an acces code in postman and use it in the SF to test?

 

  result <?xml version="1.0" encoding="utf-8" standalone="yes"?>
<error xmlns="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
 <code></code>
 <message xml:lang="">Unauthorized - Authentication required</message>
</error>

 

 

------------------- oAuth connector fails with an SF error message. No debug no result

 

I’ve setup an 0Auth step in my proces flow as well. I created an oauth server:

 

And I created a really simple workflow with only this 1  step.

The output variables
Tthe input variables
The proces varaiables I put in the access token obtained via postman here

The result in the end applicatoin. Step 2 which is the oauth step fails directly

 

 

 

 

 

 

 

Userlevel 6
Badge +16

Here is some additional info regarding connecting to exact online: 

https://support.exactonline.com/community/s/knowledge-base#All-All-DNO-Content-oauth-eol-oauth-devstep3

Userlevel 6
Badge +16

The link is currently down. go to docs https://docs.thinkwisesoftware.com/ and in the search bar type  Oauth Flow

Userlevel 6
Badge +16

Here you can find some more infomation regarding OAUTH tokens:

https://docs.thinkwisesoftware.com/docs/sf/process_flows#oauth-connectors

Userlevel 3
Badge +11

Authentication is something else then authorization?

 

Userlevel 3
Badge +11

I have only a few options there. I cannot choose the option bearer token of am I looking in the wrong place now

 

Userlevel 3
Badge +11

Is this what you mean? What should I change in the SF. SHould I add setup the authentication type with Bearer token

 

 

Userlevel 6
Badge +16

From the green dot in postman it suggest you added authentication there. So the same request from the SF should include the same authentication. Try adding the authentication and check if the error changes. 

Userlevel 3
Badge +11

And tried to add the header as you suggested. I copied it exactly what you described, so including the [ and the { including/till the }] But still I’m running into an invalid request

Userlevel 3
Badge +11

We’ve set Nothing for the authentication type. Should we?

 

Reply